Est | Rus

Internet Bank:

Business clients

Phone:
+372 6 752 000
E-mail:
ariklient at sampopank dot ee

Business clients E-services Sampo Bank Link Technical description

Sampo Bank Link

See also

Additional information

pangalink at sampopank dot ee

-- BOXES END --

Queries

Queries from the merchant to the bank support and help coordinate the client’s actions, for example when filling out a payment order.

Each query corresponds to one service. The parameters given are checked according to the service. The list and sequence of the parameters depends on the service used. The queries that demand a reply are answered by the bank after the client has completed her operation. The reply usually contains the details of the operation and the remark regarding its success. The queries from the merchant to the bank are redirected to an URL: https://www2.sampopank.ee/ibank/pizza/pizza.

Queries from the bank to the merchant are usually replies to previous queries. The form of the reply varies according to the service.

Queries are HTTP GET or POST queries with specified parameters. Each query contains a service number. Each service has a unique list of parameters and its own algorithm for handling the query. By content, the service number is the algorithm number of query handling.

  • Parameters that are requested by the service but are missing, are counted as empty fields.
  • The decimals and cents in the amounts presented in queries are separated by a dot ".". A separator of thousands is not used.
  • Dates are presented in the format "DD.MM.YYYY," e.g. 17.02.2001.
  • The time is indicated in the format "hh24:min:sec," e.g. 17:02:59.
  • The length of the value of the parameter must not exceed that which is prescribed in the specifications. Upon exceeding the length, a query is not processed.
  • The values of parameters can be shorter than the permitted maximum length. Missing fields are not filled in.
  • The spaces at the beginning and at the end of the value of a parameter are removed.
  • An error message is sent in reply to queries that do not match the specifications and are invalid.
  • Non-standard input data of transactions (e.g. the account number or the reference number does not meet the standard) are accepted for processing. When the client is allowed to change the data of the transaction according to its specification, it is possible to complete the transaction successfully.
  • Supported encoding is ISO-8859-1.
  • Operations to be performed on the basis of a query are carried out pursuant to the general requirements of the service (requirements of payment orders, etc.). Queries can be divided into merchant or bank queries according to their preparer. Queries can be divided into those that require a reply and that do not require a reply. According to the purpose, queries are divided as follows: 1xxx - initiation of transactions 3xxx - identification queries.

Generation of keys

Keys can be generated by means of openssl utility. A certificate query contains a public key. The data contained in the query are signed with a private key. The private key must be kept secret from others. The exchange of public keys takes place upon conclusion of an agreement. The files of keys are in PEM format, i.e. that the contents are encoded by means of BASE64 and placed between the words ––BEGIN...–– and ––END...––.

Calculation of digital signature VK_MAC

The digital signature VK_MAC is sent to the bank together with each query. The value of the digital signature VK_MAC used in queries is calculated on the basis of the agreed algorithm, VK_VERSION. The version currently used is 008. Versions 001, 002 and 007 are no longer used. The algorithm of signing may also change in the future as new methods are invented in the world.

VK_MAC is submitted as the value of the query parameter in BASE64 encoding. The hexa strings that were in the previous versions of the specifications are not used!
Version 008 MAC008(x1, x2, …, xn) := RSA(SHA-1(p(x1)||x1||p(x2)||x2||…||p(xn)||xn),d,n)

where:

  • || is the string concatenation;
  • x1, x2, …, xn are the parameters of the query;
  • p is a function of the length of the parameter. The output is in the form of a three-digit string
  • d is the secret exponent of RSA;
  • n is the RSA modulus.

Signature is calculated according to the PKSC1 standard (RFC 2437).

Exchange of public keys

The exchange of public keys takes place upon conclusion of an agreement.

Before concluding a financial services agreement presented on the website of Danske Bank A/S Estonia branch www.sampopank.ee, we recommend you to familiarize yourself with the terms and conditions of the agreement. For further information, please call Sampo Pank's Customer Info Line on 6 800 800.